I don't understand why login page shows first when I try to view my web application

Donald Symmons 2,856

After I publishing my first web app to test what I had been learning, I discovered that when I type the Web address in the browser address bar, it takes me to login page instead of the Default page. Why did it not show me the Default page first, is what I don't understand ? Could it be that the authentication was not properly set? But I set the Default page and some other pages like about and sign up pages as anonymous access, allowing any user to have access to the pages, but yet it still takes me to Login page; the default page doesn't show first Here is my web config

<system.web>
    <trust level="Full"/>
    <sessionState timeout="40"></sessionState>
    <authentication mode="Forms">
      <forms name="login" timeout="40" cookieless="UseCookies" loginUrl="Login.aspx" defaultUrl="overview.aspx" slidingExpiration="true" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
    <compilation debug="true" targetFramework="4.7.2" />
    <httpRuntime targetFramework="4.7.2" maxRequestLength="3145728" />
    <customErrors mode="Off" />
    <pages enableEventValidation="false">
      <controls>
        <add tagPrefix="ajaxToolkit" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" />
      </controls>
    </pages>
  </system.web>
<location path="Signup.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="Default.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="About.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

I also made some routing in the Global asax file

void Application_Start(object sender, EventArgs e) 
    {
        // Code that runs on application startup
                ScriptManager.ScriptResourceMapping.AddDefinition("jquery", 
    new ScriptResourceDefinition
{
Path = "~/scripts/jquery-1.7.2.min.js",
DebugPath = "~/scripts/jquery-1.7.2.min.js",
CdnPath = "http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.4.1.min.js",
CdnDebugPath = "http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.4.1.js"
});

         RegisterRoutes(RouteTable.Routes);
    }
 static void RegisterRoutes(RouteCollection routes)
    {
        routes.MapPageRoute("About", "about", "~/About.aspx");
        routes.MapPageRoute("Login", "login", "~/Login.aspx");
        routes.MapPageRoute("Signup", "signup", "~/Signup.aspx");
    }

Please, what can I do to make the default page display first, as the start page when I type the web address? e.g. www.mytestwebsite.com. I just want that when I type the address like the example I show above, it takes me to the Default page instead of the Login page.

Accepted answer

AgaveJoe 26,136 Reputation points

2023-04-24T14:06:55.7766667+00:00
Create a folder named "Public". Add a Default.aspx page to the Public folder. Allow all access to the Public folder in the web.config.

<location path="Public"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location>

Update the Global.asax to check if the current requested URL is the application root and the request is unauthorized. If so, redirect to ~/Public/Defualt.aspx"

protected void Application_AuthenticateRequest(Object sender, EventArgs e) { string domainName = $"{HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Authority)}/"; if (!Request.IsAuthenticated & Request.Url.ToString() == domainName) { Response.Redirect("~/public/default.aspx"); } }
Please sign in to rate this answer.
Donald Symmons 2,856 Reputation points

2023-04-24T14:37:04.3033333+00:00

Hi @AgaveJoe ,

Update the web.config to check if the current requested URL is the application root and the request is unauthorized. If so, redirect to ~/Public/Defualt.aspx"

Do you mean update the web.config or Global.asax? Because this looks like the Global.asax

protected void Application_AuthenticateRequest(Object sender, EventArgs e) { string domainName = $"{HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Authority)}/"; if (!Request.IsAuthenticated & Request.Url.ToString() == domainName) { Response.Redirect("~/public/default.aspx"); } }

Donald Symmons 2,856 Reputation points

2023-04-24T14:42:29.6133333+00:00

There is one more thing I want to know please, if you don't mind. Besides putting all public files into the public folder, is it possible to put only the Default.aspx page in the public folder even if I have other public pages? I asked this because, I figured that when I type the web address like this www.mypp.com/Default.aspx , it redirects me to my Default page and when I click on a navigation link in the Default page to view other public pages, it takes me exactly to the requested page without authorization or authentication. That's why I asked if I can put only the Default page since I want to have the default page show first when I browse the application on the internet

AgaveJoe 26,136 Reputation points

2023-04-24T14:48:49.7633333+00:00

Do you mean update the web.config or Global.asax?

Yes. Update the Global.asax

it redirects me to my Default page and when I click on a navigation link in the Default page to view other public pages, it takes me exactly to the requested page without authorization or authentication.

/Default works but / does not not, right? Again, redirect to whatever works when the user tries to access the root.

Donald Symmons 2,856 Reputation points

2023-04-24T15:48:30.0633333+00:00

Hi @AgaveJoe , When I placed the code in the Global.asax file I got a red line underneath a line, shown below

AgaveJoe 26,136 Reputation points

2023-04-24T17:40:22.6966667+00:00

I can't read the error message but you can. Perhaps it is the sting interpolation due to using an older version of C#. Try string concatenation.

string domainName = HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Authority) + "/";

Donald Symmons 2,856 Reputation points

2023-04-25T06:06:38.3633333+00:00

Hi @AgaveJoe , I did not put the Default page in a public folder; I decided to try something out, by using this redirect instead and it works. Thank you very much for showing me this, now I know how I can effect redirect a start page on a live server, with forms authentication and authorization.

protected void Application_AuthenticateRequest(Object sender, EventArgs e) { string domainName = HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Authority) + "/"; if (!Request.IsAuthenticated & Request.Url.ToString() == domainName) { Response.Redirect("~/default.aspx"); } }
Sign in to comment

3 additional answers

SurferOnWww 1,911 Reputation points

2023-04-24T03:29:26.6533333+00:00

Please delete <deny users="?" /> in web.config and try again. "?" means all anonymous users.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Lan Huang-MSFT 25,711 Microsoft Vendor

Hi @Donald Symmons,

You try to change defaultUrl="overview.aspx" to defaultUrl="Default.aspx".

FormsAuthentication.DefaultUrl Property:Gets the URL that the FormsAuthentication class will redirect to if no redirect URL is specified.

If it still doesn't work, try setting <defaultDocument>.

https://learn.microsoft.com/en-us/iis/configuration/system.webserver/defaultdocument/

<configuration>
   <system.webServer>
      <defaultDocument enabled="true">
         <files>
           <add value="Default.aspx" />
         </files>
      </defaultDocument>
   </system.webServer>
</configuration>

Best regards,
Lan Huang

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Donald Symmons 2,856

I tried that and it did not work

<configuration>
  <appSettings>
    <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
  </appSettings>
  <system.web>
    <trust level="Full"/>
    <sessionState timeout="40"></sessionState>
    <authentication mode="Forms">
      <forms timeout="40" cookieless="UseCookies" loginUrl="Login.aspx" defaultUrl="Default.aspx" slidingExpiration="true" />
    </authentication>
    <authorization>
      <deny users="?"/>
    </authorization>
    <compilation debug="true" targetFramework="4.7.2" />
    <httpRuntime targetFramework="4.7.2" maxRequestLength="3145728" />
    <customErrors mode="Off" />
    <pages enableEventValidation="false">
      <controls>
        <add tagPrefix="ajaxToolkit" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" />
      </controls>
    </pages>
  </system.web>
  <system.webServer>
    <defaultDocument enabled="true">
      <files>
        <clear/>
        <add value="Default.aspx" />
      </files>
    </defaultDocument>
  </system.webServer>
  <system.web.extensions>
    <scripting>
      <webServices>
        <jsonSerialization maxJsonLength="819200000">
        </jsonSerialization>
      </webServices>
    </scripting>
  </system.web.extensions>
  <location path="Signup.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="Default.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <system.codedom>
  </system.codedom>
</configuration>

AgaveJoe 26,136 Reputation points

2023-04-24T13:15:16.4233333+00:00

In Web Forms I place all the secured pages into a folder named "private" and add authorization to the private folder. Then you can has whatever public pages you like including the application root.
Please sign in to rate this answer.
Donald Symmons 2,856 Reputation points

2023-04-24T13:26:52.9466667+00:00

Hi @AgaveJoe , That's a good point. Thanks @AgaveJoe , I can do that. But I have tons of pages and there is no way I can copy them into a folder right now. Looks like this new Visual studio does not support copying files (aspx and aspx.cs) into another location. I'll have to re-write the pages and that will take a very long time.

AgaveJoe 26,136 Reputation points

2023-04-24T13:30:09.2066667+00:00

Looks like this new Visual studio does not support copying files (aspx and aspx.cs) into another location.

Not true. You can try catching unauthorized requests to the application root in the global.asax and redirect specifically to www.youapp.com/someAnonymousFolder/Default.aspx.

Donald Symmons 2,856 Reputation points

2023-04-24T13:35:24.2666667+00:00

Hi @AgaveJoe ,

You can try catching unauthorized requests to the application root in the global.asax and redirect specifically to www.youapp.com/Default.aspx.

How so? Please may I know how I can do this?

Donald Symmons 2,856 Reputation points

2023-04-24T13:44:59.6333333+00:00

Hi @AgaveJoe , I did not see this issue coming. I thought that when I give anonymous access to the Default page(Default.aspx), it will just automatically redirect me to the Default page upon viewing the web application over the internet. The most intriguing part is that in the local server, when I run the application, it automatically shows the Default page first. Then I can navigate to other pages. But I decided to publish the web application, in order to find out if what I have been learning can actually work on the internet besides testing it on the local server. Because I once had an issue when I thought that everything was working fine when in local but when I tested it on the internet I had tons of errors.

AgaveJoe 26,136 Reputation points

2023-04-24T13:49:32.31+00:00

Your assumption is incorrect. You could make the default page the login page.
If you need multiple public pages that do the opposite of above and create a public folder. Place all public pages in the public folder. Allow anonymous access to the public folder. In the Global asax check if the request is unauthenticated and the target is the application root. If so, redirect to /public/default.aspx.
Sign in to comment